'Yo', your app has been hacked

Tools

The recently launched mobile app Yo, which allows users to send the word "Yo" to friends' smartphones, was hacked by three students from Georgia Tech University, TechCrunch reports.

The students were able to push messages to users' phones and read personal data from the company's user database. One of the students explains in an email to TechCrunch: "We can get any Yo user's phone number (I actually texted the founder, and he called me back.) We can spoof Yos from any users, and we can spam any user with as many Yos as we want. We could also send any Yo user a push notification with any text we want (though we decided not to do that.)"

Yo developer and founder Or Arbel confirmed that the app had been hacked. "Yo started as a weekend project and exploded a little too soon. We were just finishing up rewriting the infrastructure in a proper and secure way, as suitable for production grade apps, when it suddenly blew up and went viral," Arbel was quoted by The Guardian as saying.

On a blog, Arbel wrote that little user data was at risk for the hack. "The object of the app is to be simple. When you join it doesn't ask you for your email, full name, Facebook account, or any other piece of personal information. The only identity within the Yo app is your username," Arbel explains.

Following the dictum, "Keep your friends close but keep your enemies closer," Arbel decided to hire one of the hackers, the newspaper notes.

For more:
- check out the TechCrunch report
- read The Guardian article
- see Arbel's blog

Related Articles:
Nokia paid millions in ransom to stop release of Symbian OS encryption key
Spotlight: Hackers steal personal data on 600,000 Domino's customers
AT&T breach highlights problems of delayed notification, third-party security